<?#//v.3.1.1

#///////////////////////////////////////////////////////
#//  COPYRIGHT 2004 Phpauction.org ALL RIGHTS RESERVED//
#///////////////////////////////////////////////////////

include "../includes/config.inc.php";
include "loggedin.inc.php";
// Current server time shifted by the configured hour offset
// ($SETTINGS['timecorrection']); used below to pre-fill the form's date field.
$TIME = mktime(
	date("H") + $SETTINGS['timecorrection'],
	date("i"),
	date("s"),
	date("m"),
	date("d"),
	date("Y")
);

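// Save handler: runs when the edit form is posted and phpa_securepost() accepts the
// request (that function lives in an include; presumably it checks the hidden
// "security" token sent by the form -- confirm there). It validates the date,
// sanitises the rich-text body, updates the main row plus one translated row per
// configured language, and then redirects to the news list.
if($_POST['action'] && phpa_securepost($_POST))
{
	//-- Build the HTML sanitiser applied to every submitted body.
	// Both branches restrict markup to the same element allow-list.
	if (!PHP_4 )
	{
	  require_once './htmlpurifier/library/HTMLPurifier.auto.php';
	  $config = HTMLPurifier_Config::createDefault();
	  $config->set('Core', 'Encoding', 'ISO-8859-1');
	  $config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
	  $config->set('HTML', 'AllowedElements', 'div,a,em,blockquote,p,code,pre,table,font,tbody,td,tr,b,strong,u,ul,li,ol');
	  $purifier = new HTMLPurifier($config);
	}
	else
	{
	   // NOTE(review): this fallback class is project code that is not visible here.
	   // Confirm it also removes event-handler attributes and script-bearing URLs,
	   // not just disallowed tags, since 'a' and 'font' are permitted.
	   require_once './class/phpauction_purify.php';
	   $purifier = new HTMLPurifier();
	   $purifier->allowed_tags(array("div","a","em","blockquote","p","code","pre","table","font","tbody","td","tr","b","strong","u","ul","li","ol" ));
	}

	if(!$_POST['new_date'] || !$_POST['title'] || !$_POST['content']){
		$ERR = "ERR_112";
	}elseif(!preg_match('/^[0-9]{2}\/[0-9]{2}\/[0-9]{4}\z/', $_POST['new_date'])){
		// preg_match with \z replaces ereg(): it is binary-safe and anchors at the true
		// end of the string, so nothing can trail the ten validated characters.
		$ERR = "ERR_117";
	}else{
		// Re-order the validated digits into YYYYMMDD; the input is dd/mm/yyyy unless
		// the site is configured for the "USA" layout (mm/dd/yyyy).
		if($SETTINGS['datesformat'] != "USA"){
			$date = strval(substr($_POST['new_date'],6,4).substr($_POST['new_date'],3,2).substr($_POST['new_date'],0,2));
		}else{
			$date = strval(substr($_POST['new_date'],6,4).substr($_POST['new_date'],0,2).substr($_POST['new_date'],3,2));
		}

		// The record id is request-supplied and was previously concatenated into four
		// statements as-is (twice unquoted). It is used as a number, so force it to an
		// integer once and use only the cast value in SQL.
		$news_id = intval($_POST['id']);

		$clean_html = $purifier->purify(stripslashes($_POST['content'][$SETTINGS['defaultlanguage']]));
		$_POST['content'][$SETTINGS['defaultlanguage']] = $clean_html;
		// The purified body is escaped here as it already is in the translated-row
		// statements below; purification makes the HTML safe to render, not safe to
		// embed in a quoted SQL literal.
		// NOTE(review): addslashes() is kept for consistency with the rest of the file;
		// driver-level escaping or prepared statements are the durable fix.
		$query = "UPDATE PHPAUCTIONXL_news SET title='".addslashes(htmlentities($_POST['title'][$SETTINGS['defaultlanguage']]))."',content='".addslashes($clean_html)."',new_date=$date,suspended=".intval($_POST['suspended'])." WHERE id=".$news_id;
		$res = mysql_query($query);
		if(!$res){
			$ERR = "ERR_001";
		}
		foreach($LANGUAGES as $k => $v){
			// Language codes come from $LANGUAGES (defined outside this file); escaped
			// anyway so the statement does not depend on their content.
			$lang_sql = addslashes($k);
			$TR=mysql_query("SELECT title FROM PHPAUCTIONXL_news_translated WHERE lang='".$lang_sql."' AND id=".$news_id);
			$clean_html = $purifier->purify(stripslashes($_POST['content'][$k]));
			$_POST['content'][$k] = $clean_html;
			// Update the existing translation, or insert one when the lookup found none
			// (a failed lookup also falls through to the insert, as before).
			if ( $TR && mysql_num_rows($TR)>0 ) {
				$query = "UPDATE PHPAUCTIONXL_news_translated SET 
						title='".addslashes(htmlentities($_POST['title'][$k]))."',
						content='".addslashes($clean_html)."'
						WHERE id=".$news_id." AND
						lang='".$lang_sql."'";
			}else{
				$query = "INSERT INTO PHPAUCTIONXL_news_translated VALUES(
						".$news_id.",
						'".$lang_sql."',
						'".addslashes(htmlentities($_POST['title'][$k]))."',
						'".addslashes($clean_html)."')";
			}
			// Best effort: a failed translation write is deliberately not reported.
			@mysql_query($query);
			unset($TR);
		}
		// NOTE(review): the redirect is unconditional, so an ERR_001 set above is never
		// shown to the administrator.
		Header("Location: news.php");
		exit;
	}
}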

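// First display of the form (no "action" posted): load the stored news item.
if(!$_POST['action'])
{
	// The id comes straight from the query string; cast it to an integer before it
	// reaches the statement instead of concatenating the raw value.
	$query = "SELECT * FROM PHPAUCTIONXL_news WHERE id=".intval($_GET['id']);
	$res = mysql_query($query);
	if(!$res)
	{
		print $ERR_001;
		exit;
	}
	else
	{
		$title 		= stripslashes(mysql_result($res,0,"title"));
		$content 	= stripslashes(mysql_result($res,0,"content"));
		$suspended 	= mysql_result($res,0,"suspended");
		// Row index was the never-assigned $i; the other reads use row 0, so use it here too.
		$tmp_date = mysql_result($res,0,"new_date");
		// new_date is stored as YYYYMMDD; split it and rebuild as dd/mm/yyyy.
		$day = substr($tmp_date,6,2);
		$month = substr($tmp_date,4,2);
		$year = substr($tmp_date,0,4);
		$new_date = "$day/$month/$year";
	}
}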
?>
<HTML>
<HEAD>
<link rel='stylesheet' type='text/css' href='style.css' />
<STYLE TYPE="text/css">
body {
scrollbar-face-color: #aaaaaa;
scrollbar-shadow-color: #666666;
scrollbar-highlight-color: #aaaaaa;
scrollbar-3dlight-color: #dddddd;
scrollbar-darkshadow-color: #444444;
scrollbar-track-color: #cccccc;
scrollbar-arrow-color: #ffffff;
}</STYLE>
<script type="text/javascript" src="../js/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
// Attach the rich-text editor to every <textarea> on the page.
// The element/attribute lists below only shape what the editor produces in the
// browser; they are not a security control, because a request can be sent without
// the editor. What gets stored is decided by the server-side purify() call.
tinyMCE.init({
  mode: "textareas",
  theme: "advanced",
  language: "en",
  plugins: "table",
  theme_advanced_buttons1: "backcolor, forecolor, bold,italic,underline,separator,strikethrough,justifyleft,justifycenter,justifyright, justifyfull,bullist,numlist,undo,redo,link,unlink",
  theme_advanced_buttons2: "fontselect, fontsizeselect, image",
  theme_advanced_buttons3: "tablecontrols",
  theme_advanced_toolbar_location: "top",
  theme_advanced_toolbar_align: "left",
  // NOTE(review): this is the string "false", not the boolean; confirm the bundled
  // TinyMCE version treats it as disabled.
  force_br_newlines: "false",
  // NOTE(review): onclick / onmouseover / onmouseout are accepted here, and img, hr and
  // span are not in the server-side element allow-list. Consider dropping the
  // event-handler attributes so the editor and the sanitiser agree.
  extended_valid_elements: "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]"
});
</script>

<TITLE></TITLE>
<link href="css/main.css" rel="stylesheet" type="text/css">
</HEAD>
<body bgcolor="#FFFFFF" text="#000000" link="#0066FF" vlink="#666666" alink="#000066" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr> 
    <td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="titulo">
        <tr> 
          <td class="icono"><img src="images/content_icon2.gif" width="28" height="27" ></td>
          <td class="breadcrumbs"><p><span><?=$MSG_25_0018?></span>&nbsp;&gt;&gt;&nbsp;<?=$MSG_516?></p></td>
        </tr>
      </table>
	 </td>
  </tr>
  <tr>
    <td align="center" valign="middle">&nbsp;</td>
  </tr>
  <tr> 
    <td align="center" valign="middle">
	
	<TABLE WIDTH="95%" BORDER="0" CELLSPACING="0" CELLPADDING="0"  ALIGN="CENTER" class="base" style="border:1px solid #ccc;">
	<TR>
	 <TD ALIGN=CENTER class=title><p><? print $MSG_343; ?></p>
	 </TD>
	</TR>
	<tr>
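	<td><FORM NAME=addnew ACTION="<?
		// PHP_SELF can carry request-supplied path text and basename() does not remove
		// markup characters, so HTML-escape the value before it goes into the attribute.
		print htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'ISO-8859-1');
	?>" METHOD="POST">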
		<TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING=0>

		<?
		// Feedback row. $ERR holds the *name* of an error-message variable, which is
		// resolved through $$ERR; $updated switches on the confirmation text.
		// NOTE(review): in the visible code $updated is never assigned and $ERR only on
		// the POST path. Confirm the includes initialise both, because $$ERR prints
		// whichever global the name points at.
		if ($ERR || $updated)
		{
			echo "<TR><TD></TD><TD WIDTH=486>";
			if ($$ERR) {
				echo $$ERR;
			}
			if ($updated) {
				echo "Auction data updated";
			}
			echo "</TD>
						</TR>";
		}
		?>
		<TR>
	  	<TD WIDTH="125" VALIGN="top">
		<p class="blue"><? print "$MSG_522 *"; ?></p>
	  	</TD>
	  	<TD WIDTH="486">
	  	<?
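	  	// Choose the date layout, and the hint shown next to the field, from the
	  	// site-wide setting.
	  	if($SETTINGS['datesformat'] != "USA")
	  	{
	  		$DATE = Date("d/m/Y",$TIME);
	  		$SAMPLE = " (dd/mm/yyyy)";
	  	}
	  	else
	  	{
	  		$DATE = Date("m/d/Y",$TIME);
	  		$SAMPLE = " (mm/dd/yyyy)";
	  	}

	  	// Per-language title/body used to fill the form. Start from empty arrays so the
	  	// fields only ever show what this query returned.
	  	$TIT_TR = array();
	  	$CONT_TR = array();

	  	// The id is request-supplied and is placed unquoted in the statement, so force
	  	// it to an integer. After a rejected POST the query string is empty; fall back
	  	// to the posted id so the same record is shown again.
	  	$form_news_id = 0;
	  	if(isset($_GET['id'])){
	  		$form_news_id = intval($_GET['id']);
	  	}elseif(isset($_POST['id'])){
	  		$form_news_id = intval($_POST['id']);
	  	}
	  	$res_tr = @mysql_query("SELECT * FROM PHPAUCTIONXL_news_translated WHERE id=".$form_news_id);
	  	// A failed query returns false; skip the fetch loop rather than iterate over it.
	  	if($res_tr){
	  		while($tr=mysql_fetch_array($res_tr)){
	  			$TIT_TR[$tr['lang']] = $tr['title'];
	  			$CONT_TR[$tr['lang']] = $tr['content'];
	  		}
	  	}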
		?>
		<INPUT TYPE=text NAME=new_date SIZE=10 MAXLENGTH=10 VALUE="<?=$DATE;?>"> <?=$SAMPLE?>
	  	</TD>
		</TR>
		<TR>
	  	<TD WIDTH="125" VALIGN="top" class="gris">
		<p class="blue"><? print "$MSG_519 *"; ?></p>
	  	</TD>
	  	<TD WIDTH="486" class="gris">
		<IMG SRC="../includes/flags/<? print $SETTINGS['defaultlanguage']; ?>.gif">&nbsp;<INPUT TYPE=text NAME=title[<? print $SETTINGS['defaultlanguage']; ?>] SIZE=40 MAXLENGTH=255 VALUE="<? print stripslashes($TIT_TR[$SETTINGS['defaultlanguage']]); ?>">
		<?
			// One title field per additional language; the default language is rendered
			// by the static markup above.
			// Titles are entity-encoded with htmlentities() when this page saves them,
			// which is why they are written into VALUE="..." without further escaping.
			// NOTE(review): that holds only if every writer to the translated table
			// encodes the same way -- confirm.
			foreach($LANGUAGES as $k => $v){
				if($k == $SETTINGS['defaultlanguage']){
					continue;
				}
				print "<BR><IMG SRC=../includes/flags/".$k.".gif>&nbsp;<INPUT TYPE=text NAME=title[$k] SIZE=40 MAXLENGTH=255 VALUE=\"".stripslashes($TIT_TR[$k])."\">";
			}
		?>
	  	</TD>
		</TR>

		<TR>
	  	<TD WIDTH="204" VALIGN="top">
		<p class="blue"><? print "$MSG_520 *"; ?></p>
		  </TD>
	  	<TD WIDTH="486">
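		<IMG SRC="../includes/flags/<?=$SETTINGS['defaultlanguage']?>.gif"><BR />
		<TEXTAREA NAME=content[<?=$SETTINGS['defaultlanguage']?>] COLS=65 ROWS=20><?=htmlspecialchars(stripslashes($CONT_TR[$SETTINGS['defaultlanguage']]), ENT_QUOTES, 'ISO-8859-1')?></TEXTAREA>
		<?
			// One body editor per additional language.
			// Stored bodies are HTML, so they are escaped on the way into <TEXTAREA>.
			// The browser decodes the text again before the editor reads it, which keeps
			// entities in the stored markup intact and stops stored text from ending
			// the element early.
			foreach($LANGUAGES as $k => $v){
				if($k == $SETTINGS['defaultlanguage']){
					continue;
				}
				print "<BR /><IMG SRC=../includes/flags/".$k.".gif><BR /><TEXTAREA NAME=content[$k] COLS=65 ROWS=20>".htmlspecialchars(stripslashes($CONT_TR[$k]), ENT_QUOTES, 'ISO-8859-1')."</TEXTAREA>";
			}
		?>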
	  	</TD>
		</TR>

		<TR>
	  	<TD WIDTH="204" VALIGN="top" class="gris">
		<p class="blue"><? print "$MSG_521 *"; ?></p>
	  	</TD>
	  	<TD WIDTH="486" class="gris">
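		<INPUT TYPE=radio NAME=suspended value=0
		<?
		// Pre-select the radio button that matches the stored "suspended" flag.
		if($suspended == 0) print " CHECKED";
		?>
		>
		<? print $MSG_030; ?>
		<INPUT TYPE=radio NAME=suspended value=1
		<?
		// Was `suspended == 1` without the "$", so the loaded flag was never compared
		// and this option was never pre-selected. Saving the form unchanged then reset
		// a suspended item to 0.
		if($suspended == 1) print " CHECKED";
		?>
		> <? print $MSG_029; ?>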
	  	</TD>
		</TR>

		<TR>
	  	<TD WIDTH="204">&nbsp;
		</TD>
	  	<TD WIDTH="486">
		<INPUT TYPE=submit VALUE="<?=$MSG_530?>" class="action">
	  	</TD>
		<tr>
		<td colspan="2">
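		<?
		// Hidden fields carry request-supplied values back to the save handler.
		// They are written into attributes, so none is echoed raw: the id is forced to
		// an integer (the handler uses it as a number) and the others are HTML-escaped.
		// After a rejected POST the query string is empty, so fall back to the posted
		// values to keep the record id in the form.
		$form_id = isset($_GET['id']) ? $_GET['id'] : (isset($_POST['id']) ? $_POST['id'] : 0);
		$form_offset = isset($_GET['offset']) ? $_GET['offset'] : (isset($_POST['offset']) ? $_POST['offset'] : '');
		?>
		<INPUT type="hidden" NAME="id" VALUE="<? echo intval($form_id); ?>">
		<INPUT type="hidden" NAME="offset" VALUE="<? echo htmlspecialchars($form_offset, ENT_QUOTES, 'ISO-8859-1'); ?>">
		<INPUT type="hidden" NAME="action" VALUE="addnew">
		<INPUT TYPE="hidden" NAME="security" VALUE="<?php echo htmlspecialchars($_SESSION['security'], ENT_QUOTES, 'ISO-8859-1');?>" />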
		</td></TR>
		</TABLE>
		</FORM>
		</TD>
		</TR>
		</TABLE>
		
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
